BadFormat for message/cookie error (CLASSIC-STUN)

[ispysoftware]

I know i'm missing something obvious here. The examples seem to demonstrate setting this up as STUN or TURN. TURN should also support STUN right?

When I run it as a TURN server and test it from stun client (on ubuntu) I get errors like

OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 1c0265f is invalid magic cookie (should be 2112a442)
OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 203e909 is invalid magic cookie (should be 2112a442)
OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 3c0a820 is invalid magic cookie (should be 2112a442)
OnTurnServerOutput: turn ERROR: 2025/02/23 10:27:36 Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 19c1239 is invalid magic cookie (should be 2112a442)

Do I need to do anything special to support both? Is the AuthHandler being called for Binding requests?

 server, err := turn.NewServer(turn.ServerConfig{
     Realm: *realm,
     AuthHandler: func(username, realm string, srcAddr net.Addr) ([]byte, bool) {
         userSuffix, valid := validateUsername(username)
         if !valid {
             log.Println("Auth failed; invalid username:", username)
             return nil, false
         }
         expectedPassword := generateTURNPassword(username, realm, *staticAuthSecret)
         key := turn.GenerateAuthKey(username, realm, expectedPassword)
         log.Printf("Auth succeeded for user: %s (suffix=%s)", username, userSuffix)
         return key, true
     },
     PacketConnConfigs: packetConfigs,
     ListenerConfigs:   listenerConfigs,
 })

[Sean-Der]

It should work by default! The STUN packets are responded too automatically.

That error message is suggesting we aren't actually getting a STUN packet. Could you do wireshark/tcpdump and see if the TURN server is wrong?

[ispysoftware]

Thanks for responding.
Wireshark is detecting this as CLASSIC-STUN. I'm wondering if pion supports that or not? When i try the ubuntu stun test client on googles stun servers it seems to work ok.

I'm getting the same error reports from deployed pion turn servers but they say "Failed to handle datagram: failed to create stun message from packet: BadFormat for message/cookie: 0 is invalid magic cookie (should be 2112a442)"

I think some clients are probably using some older STUN version.
Packet capture attached.

pcap.zip

edit: had a report that chrome on windows 10 is also causing this issue
chrome on win 11 seems ok.

[ispysoftware]

OK it looks like i've run into

Compatability notes
RFC 5389 obsoletes RFC 3489, so implementation was ignored by purpose, however, RFC 3489 can be easily implemented as separate package.

This is a bit of a show-stopper if windows 10 clients and linux clients are still using that RFC and it completely breaks the functionality of this library.

[hpmkruit]

Source of the reported issue here. Let me know if i can test something or provide with extra info.

I have been using win 10 on server side and chrome client on desktop and mobile and been getting these issues